DNSSEC is an assertion of validitity of the DNS. EV certs assert that the business behind the cert is legit.
Certs regardless of the class enables encryption. Thus DNSSEC would, in theory, prevent a cert from being stolen. So rather than replacing, or weakening CAs and PKI, it would enhance reliability, and close the threat of a blended (and undetectable) attack of a compromised cert and pharming. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Rundgren Sent: Monday, November 10, 2008 1:25 AM To: mozilla's crypto code discussion list Subject: DNSSEC? Re: MITM in the wild I haven't followed this lengthy discussion in detail but I have for a long time wondered how DNSSEC and SSL-CA-Certs should coexist. Which one will be the "most" authoritative? Could DNSSEC (if it finally succeeds) be the end of SSL-CA-certs? Anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
